tag:blogger.com,1999:blog-1094392735627525300.post3533406396808463736..comments2023-06-02T00:46:19.118-07:00Comments on tekwizz123's Blog: Try Harder :)Unknownnoreply@blogger.comBlogger2125tag:blogger.com,1999:blog-1094392735627525300.post-13620428982632247912012-06-21T11:37:06.007-07:002012-06-21T11:37:06.007-07:00In my humble opinion, I honestly think eCPPT is go...In my humble opinion, I honestly think eCPPT is good, but it lacks in many places, and i found myself a little disappointed by the exam, which quite frankly, is s**t easy to pass. Furthermore they don't really check your report that well; i wrote a very crappy one and i still managed to pass even when I should have put more effort in (though I did try for the most part) While it teaches a lot about web security there is no focus on network or os hacking at all.<br /><br />On the other hand PWB is much harder and actually makes sure you know your stuff. Think of it like eCCPT, but for hacking into computers. Turn the difficulty up by about 5-8 notches, and leave the person pretty much on their own to learn. Provide help if applicable (aka this isn't working in the labs, can you please reset my revert counter, etc) and let simmer. If all is good, you should develop a well rounded hacker.<br /><br />To give an example of the challenge, many of these hosts do not have straight forwards exploits. While I will say that many of them can be exploited with metasploit, the way that you go about that is not as simple as click n pwn for most hosts (a few easy ones are) For example I just pwned a box recently, which required 3 steps of enumerating the web pages, then finding an exploit to give me the admin password for the webpage and then using that to create a backdoor. <br /><br />I would say if your going to go for this course, then do the following:<br /><br />1. Hack as many boot2roots as you can. When you get stuck, try harder, and if you still don't get it then look at the answer. Even if you look at the answer you will still learn, though not as much. By looking at these exploits you will soon learn to recognize patterns and exploits that will help you in the labs (a lot of the exploits on these vulnerable systems are similar in the labs ;) )<br /><br />2. Be prepared to put in time. And i mean time. I spent about a good 4-6 hours a day for the first month or so going though the videos and lab guide and I have just finished (well minus one required one because I have actually skipped a few days to try pwning the labs)<br /><br />3. MOST IMPORTANT: WHEN YOUR LOST, ITS CAUSE YOU DIDN'T ENUMERATE ENOUGH! <br /><br />3a. Check to see if you set up your exploits right, sometimes that localhost isn't what you think it is.<br /><br />3b. Don't work at silly o clock in the morning, it will cause you to make stupid mistakes even if the solution is right there.<br /><br />4. Stay up to date with security news, it will help you develop the mentalitly needed.<br /><br />There's more but I need to head to bed atm. (2:36 in the morning here)<br /><br /><br />Best of luck!<br /><br />-tekwizz123thetekwizzhttps://www.blogger.com/profile/07021907186760706163noreply@blogger.comtag:blogger.com,1999:blog-1094392735627525300.post-64682671065788736822012-06-20T22:02:32.686-07:002012-06-20T22:02:32.686-07:00Nice man, actually had a few posts to catch up on ...Nice man, actually had a few posts to catch up on since I missed them ;).<br />You're making me jealous though, I really wanna do the OffSec courses, they sound awesome. What's your take on difficulty level compared to eCPPT? I decided to do eCPPT first since it was meant to be more of a challenge, but that's going by strangers, what do you think so far?Anonymoushttps://www.blogger.com/profile/13077954383184334449noreply@blogger.com